Skip to content

Commit 84425d5

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps): Bump the github-actions group across 1 directory with 7 updates (#128)
Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.35.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `3` | `4` | Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `aquasecurity/trivy-action` from 0.33.1 to 0.35.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.33.1...0.35.0) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `actions/attest-build-provenance` from 3 to 4 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 0a65511 commit 84425d5

File tree

3 files changed

+11
-11
lines changed

3 files changed

+11
-11
lines changed

.github/workflows/amd-image-sbom.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,14 +30,14 @@ jobs:
3030
uses: sigstore/cosign-installer@main
3131

3232
- name: Login to Quay
33-
uses: docker/login-action@v3
33+
uses: docker/login-action@v4
3434
with:
3535
registry: quay.io/triton-dev-containers
3636
username: ${{ secrets.qt_username }}
3737
password: ${{ secrets.qt_password }}
3838

3939
- name: Generate SBOM with Trivy
40-
uses: aquasecurity/trivy-action@0.33.1
40+
uses: aquasecurity/trivy-action@0.35.0
4141
with:
4242
image-ref: quay.io/triton-dev-containers/amd:${{ inputs.image-tag }}
4343
format: spdx-json
@@ -51,7 +51,7 @@ jobs:
5151
run: gzip ./sbom-amd-${{ inputs.image-tag }}.spdx.json
5252

5353
- name: Save SBOM as artifact
54-
uses: actions/upload-artifact@v6
54+
uses: actions/upload-artifact@v7
5555
with:
5656
name: sbom-amd-${{ inputs.image-tag }}.spdx.json.gz
5757
path: ./sbom-amd-${{ inputs.image-tag }}.spdx.json.gz

.github/workflows/image-build.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -34,27 +34,27 @@ jobs:
3434
fetch-depth: 0
3535

3636
- name: Set up QEMU
37-
uses: docker/setup-qemu-action@v3
37+
uses: docker/setup-qemu-action@v4
3838
with:
3939
image: tonistiigi/binfmt:qemu-v8.1.5
4040

4141
- name: Set up Docker Buildx
42-
uses: docker/setup-buildx-action@v3
42+
uses: docker/setup-buildx-action@v4
4343

4444
- name: Set up cosign
4545
uses: sigstore/cosign-installer@main
4646

4747
- name: Login to Quay
4848
if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
49-
uses: docker/login-action@v3
49+
uses: docker/login-action@v4
5050
with:
5151
registry: quay.io/triton-dev-containers
5252
username: ${{ secrets.qt_username }}
5353
password: ${{ secrets.qt_password }}
5454

5555
- name: Build and (conditionally) push image
5656
id: build-push-image
57-
uses: docker/build-push-action@v6
57+
uses: docker/build-push-action@v7
5858
with:
5959
context: .
6060
platforms: ${{ inputs.platforms }}
@@ -72,7 +72,7 @@ jobs:
7272
7373
- name: Generate image attestation
7474
if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
75-
uses: actions/attest-build-provenance@v3
75+
uses: actions/attest-build-provenance@v4
7676
with:
7777
subject-name: quay.io/triton-dev-containers/${{ inputs.image-name }}
7878
subject-digest: ${{ steps.build-push-image.outputs.digest }}

.github/workflows/image-sbom.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,14 +34,14 @@ jobs:
3434
uses: sigstore/cosign-installer@main
3535

3636
- name: Login to Quay
37-
uses: docker/login-action@v3
37+
uses: docker/login-action@v4
3838
with:
3939
registry: quay.io/triton-dev-containers
4040
username: ${{ secrets.qt_username }}
4141
password: ${{ secrets.qt_password }}
4242

4343
- name: Generate SBOM with Trivy
44-
uses: aquasecurity/trivy-action@0.33.1
44+
uses: aquasecurity/trivy-action@0.35.0
4545
with:
4646
image-ref: quay.io/triton-dev-containers/${{ inputs.image-name }}:${{ inputs.image-tag }}
4747
format: spdx-json
@@ -58,7 +58,7 @@ jobs:
5858
run: gzip ./sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json
5959

6060
- name: Upload SBOM Artifact
61-
uses: actions/upload-artifact@v6
61+
uses: actions/upload-artifact@v7
6262
with:
6363
name: sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json.gz
6464
path: ./sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json.gz

0 commit comments

Comments
 (0)